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This action is in response to the communication filed on 8/30/2005. 
DETAILED ACTION 
Response to Arguments 

Applicant's arguments filed 8/30/2005 have been fully considered but they are not 
persuasive. Applicant argues primarily that: 

i. Maher did not disclose "passive" monitoring. 

ii. Maher did not disclose "datagrams" but instead disclosed "packets". 

iii. Maher did not disclose "receiving copies" of datagrams, 

iv. Maher did not disclose reassembling into network protocol packets, 

V. Maher did not disclose processing based on the transport layer protocol, 

vi. Maher did not disclose decoding the reassembled segment prior to 
scanning. 

vii. Maher did not disclose terminating the packet stream if the segment is not 
infected. 

viii. Maher did not disclose all of "logging an infection; generating a warning; 
spoofing a valid datagram; and acquiescing to the infection. 

Regarding applicants' argument i., that Maher did not disclose "passive" monitoring, the 
examiner has considered the argument and does not find the argument persuasive. The claim 
requires that only the "network interface" be passive. As clearly disclosed by Maher in Col. 5 
Lines 42-57, the fast path data bus receives the fi-amed and formatted data from the physical 
interface 102, which meets the requirement of the network interface of the claim language 
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1 "receiving incoming datagrams structured in compliance with a network protocol layer". 

2 Therefore, the examiner does not find the argument persuasive. 

3 Regarding applicants' argument ii. that Maher did not disclose "datagrams" but instead 

4 disclosed "packets", the examiner does not find the argument persuasive. Maher disclosed 

5 packets throughout the specification (i.e. Col. 5 Lines 63-65) and only disclosed IP type data 

6 (See Col. 7 Paragraph 3). As such, Maher disclosed IP packets and because IP packets contain 

7 destination address information, they fall within the scope of a "datagram" (See Microsoft 

8 Computer Dictionary Fifth Edition Page 143). Therefore the examiner does not find the 

9 argument persuasive. 

10 Regarding applicants' argument iii. that Maher did not disclose Maher did not disclose 

1 1 "receiving copies" of datagrams, the examiner does not find the argument persuasive. Maher 

12 disclosed receiving data that was taken from the physical ports, framed, and formatted in Col. 5 

13 Lines 42-57. This constitutes "copied datagrams" as the data was "copied" from the data present 

14 at the physical ports. As such, the examiner does not find the argument persuasive. 

15 Regarding applicants' argument iv. that Maher did not disclose reassembling into 

16 network protocol packets, the examiner does not find the argument persuasive. Maher disclosed 

17 assembling ATM cells (data link layer datagrams) into complete data packets, which constitute 

18 network protocol packets, in Col. 6 Lines 4-7). Furthermore, the complete packets were stored 

19 in the packet storage memory for processing (See Maher Col. 6 Lines 12-14). Therefore, the 

20 examiner does not find the argument persuasive. 

21 Regarding applicants' argument v. that Maher did not disclose processing based on the 

22 transport layer protocol, the examiner does not find the argument persuasive. Maher disclosed 
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1 queuing the packets based on the application type of the packet (i.e. email, VoIP, etc.) in Col. 7 

2 Paragraph 3). The application type is appUcation layer data which could not have been accessed 

3 until transport layer processing had been performed. Therefore, it was inherent that Maher 

4 performed transport layer processing in order to access the application layer data. Therefore, the 

5 examiner does not find the argument persuasive. 

6 Regarding applicants' argument vi. that Maher did not disclose decoding the reassembled 

7 segment prior to scanning, the examiner does not find the argument persuasive. Maher in Col. 9 

8 Lines 29-32 disclosed decoding the data to be scanned by removing the white space from the 

9 data. Furthermore, it was inherent that the packets were decoded in order to access the payload 

10 for scanning. Therefore the examiner does not find the argument persuasive. 

1 1 Regarding applicants' argument vii. that Maher did not disclose terminating the packet 

12 stream if the segment is not infected, the examiner does not find the argument persuasive. Maher 

13 disclosed that once the scanning engine had determined that the was no match, the scanning was 

14 complete and no further data was required for that flow (See Maher Col. 9 Line 58 - Col. 10 

15 Line 30). As such the examiner does not find the argument persuasive. 

16 Regarding applicants' argument viii. that Maher did not disclose all of "logging an 

17 infection; generating a warning; spoofing a valid datagram; and acquiescing to the infection, the 

18 examiner does not find the argument persuasive. The claim language does not require all of the 

19 listed limitations, but instead only requires "at least one of" them. The sighted section falls 

20 within the scope of "spoofing". As such, the examiner does not find the argument persuasive. 

21 Therefore, the examiner has maintained the prior art rejections presented below. 
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1 All objections and rejections not presented below have been withdrawn. 

2 Claims 1-10, 13-25, 28-38, 40-47, and 49-55 have been examined. 

3 Specification 

4 The specification is objected to as failing to provide proper antecedent basis for the 



5 claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the 

6 following is required: Claims 32 and 41 recite that "each of a plurality of protocol-specific 

7 modules process each reassembled datagram based on an upper protocol layer employed by the 



8 reassembled datagram". However, there is no support for this limitation in the specification as 

9 filed. See the rejection of claims 32-38, 40-47, and 49-54 under 35 USC 112 1"^ paragraph 

10 below. 

1 1 The specification is objected to as failing to provide proper antecedent basis for the 



12 claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.0 l(o). Correction of the 

13 following is required: Claims 53-54 recite "a plurality of protocol-specific scanning sub- 

14 modules, each protocol specific scanning sub-module designated for scanning network protocol 

1 5 packets of a particular protocol". However, there is no support for this limitation in the 

16 specification as filed. See the rejection of claims 53-54 under 35 USC 112 1^ paragraph below. 

17 Claim Rejections - 35 USC § 112 

1 8 The following is a quotation of the first paragraph of 35 U.S. C. 112: 

1 9 The specification shall contain a written description of the invention, and of the manner and process of making 

20 and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 

2 1 pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 

22 contemplated by the inventor of carrying out his invention. 
23 

24 Claims 32-38, 40-47, and 49-54 rejected under 35 U.S.C. 1 12, first paragraph, as failing 

25 to comply with the written description requirement. The claim(s) contains subject matter which 
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1 was not described in the specification in such a way as to reasonably convey to one skilled in the 

2 relevant art that the inventor(s), at the time the application was filed, had possession of the 

3 claimed invention. Claims 32 and 41 recite that "each of a plurality of protocol-specific modules 

4 process each reassembled datagram based on an upper protocol layer employed by the 

5 reassembled datagram". Although there is support for multiple sub-modules in the scanner, there 

6 is no support for a plurality of separate modules which each process each datagram. As such, the 

7 ordinary person skilled in the art would not be able to determine whether the applicants were in 

8 possession of the claimed invention at the time of filing. Therefore, claims 32 and 41 are 

9 rejected for failing to meet the written description requirement of 35 USC 112 1^ paragraph, 

10 Claims 33-38, 40, 42-47, and 49-54 are rejected by virtue of their dependency to claims 32 and 

11 41. 

12 Claims 53-54 recite "a plurality of protocol-specific scanning sub-modules, each protocol 

13 specific scanning sub-module designated for scanning network protocol packets of a particular 

14 protocol". Although there is support for the protocol-specific scanning sub-modules, there is no 

1 5 support that they actually scan the packets. Instead, the specification provides support that they 

16 simply are used to retrieve the packets and provide them to the scanner. As such, the ordinary 

17 person skilled in the art would be unable to determine whether the applicants were in possession 

18 of the claimed invention at the time of filing. Therefore, claims 53-54 are rejected for failing to 

19 meet the written description requirement of 35 USC 1 12 1^ paragraph. 
20 

21 
22 
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1 Claim Rejections - 35 USC §102 

2 The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 

3 basis for the rejections under this section made in this Office action: 

4 A person shall be entitled to a patent unless - 
5 

6 (e) the invention was described in (I) an application for patent, published under section 

7 122(b), by another filed in the United States before the invention by the applicant for patent or 

8 (2) a patent granted on an application for patent by another filed in the United States before the 

9 invention by the applicant for patent, except that an international application filed under the 

10 treaty defined in section 35 J (a) shall have the ejects for purposes of this subsection of an 

1 1 application filed in the United States only if the international application designated the United 

12 States and was published under Article 21(2) of such treaty in the English language, 
13 

14 

15 Claims 1-10, 13-14, 16-25, 28-29, 31 and 55 are rejected under 35 U.S.C. 102(e) as being 

16 anticipated by Maher, III et al. (US Patent Number 6,381,242) hereinafter referred to as Maher. 

17 Regarding claim 1, Maher disclosed a system for providing passive screening of transient 

18 messages in a distributed computing environment (See Maher Abstract), comprising: a network 

19 interface passively monitoring a transient packet stream at a network boundary (See Maher 

20 Column 5 lines 46-54 and Col. 7 Lines 13-15) comprising receiving incoming datagrams 

21 structured in compliance with a network protocol layer (See Maher Col. 5 Lines 46-54 and Col. 3 

22 Lines 54-67 wherein it was inherent that the packets were compliant with a network layer in 

23 order for them to be transmitted through the network); a packet receiver reassembling one or 

24 more of the incoming datagrams into a segment structured in compliance with a transport 

25 protocol layer (See Maher Col. 5 Line 60 - Col. 6 Line 7); an antivirus scanner scanning contents 

26 of the reassembled segment for a presence of at least one of a computer virus and malware to 

27 identify infected message contents (See Maher Col. 10 Lines 42-46), and a protocol-specific 
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1 module processing each reassembled datagram based on the transport layer protocol employed 

2 by the reassembled datagram (See Maher Col. 7 Lines 18-30). 

3 Regarding claim 16, Maher disclosed a method for passive screening of transient 

4 messages in a distributed computing environment (See Maher Abstract), comprising: passively 

5 monitoring a transient packet stream at a network boundary (See Maher Column 5 lines 46-54 

6 and Col. 7 Lines 13-15) comprising receiving incoming datagrams structured in compliance with 

7 a network protocol layer (See Maher Col. 5 Lines 46-54 and Col. 3 Lines 54-67 wherein it was 

8 inherent that the packets were compliant with a network layer in order for them to be transmitted 

9 through the network); reassembling one or more of the incoming datagrams into a segment 

10 structured in compliance with a transport protocol layer (See Maher Col. 5 Line 60 - Col. 6 Line 

1 1 7); scanning contents of the reassembled segment for a presence of at least one of a computer 

12 virus and malware to identify infected message contents (See Maher Col. 10 Lines 42-46), and 

13 processing each reassembled datagram based on the transport layer protocol employed by the 

14 reassembled datagram (See Maher Col. 7 Lines 18-30). 

15 Regarding claims 2 and 17, Maher disclosed an incoming queue staging each incoming 

16 datagram intermediate to reassembly (See Maher Col. 8 Lines 42-5 1). 

17 Regarding claims 3 and 18, Maher disclosed a network protocol-specific decoder 

18 decoding the reassembled segment prior to scanning (See Maher Col. 5 Line 65 - Col 6 Line 1). 

19 Regarding claims 4 and 19, Maher disclosed that the antivirus scanner terminates the 

20 transient packet stream if the reassembled segment is not infected with at least one of a computer 

21 virus and malware (See Maher Col. 7 Lines 30-33). 
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1 Regarding claims 5 and 20, Maher disclosed that the antivirus scanner takes an action if 

2 the reassembled segment is infected with at least one of a computer virus and malware (See 

3 Maher Col. 10 Lines 42-46). 

4 Regarding claims 6 and 21, Maher disclosed that the action comprises at least one of 

5 logging an infection; generating a warning; spoofing a valid datagram in place of the infected 

6 datagram (See Maher Col 10 Lines 42-46); and acquiescing to the infection. 

7 Regarding claims 7 and 22, Maher disclosed a protocol-specific queue staging each 

8 reassembled segment with other reassembled segments sharing the same transport protocol layer 

9 (See Maher Col. 7 Lines 1 8-30). 

10 Regarding claims 8 and 23, Maher disclosed an information record storing information 

1 1 dependent on the same transport protocol layer with the staged reassembled segment (See Maher 

12 Col. 6 Lines 12-22). 

13 Regarding claims 9 and 24, Maher disclosed a contents record storing the contents with 

14 the staged reassembled segment (See Maher Col. 6 Lines 12-19). 

15 Regarding claims 10 and 25, Maher disclosed that the information comprises at least one 



16 of a source address, source port number, destination address, destination port number, URL, file 

17 name, user name, sender identification, recipient identification, and subject (See Maher Col. 6 

18 Lines 20-22). 



19 Regarding claims 13 and 28, Maher disclosed an event correlator analyzing the transient 

20 packet stream for events indicative of a network service attack (See Maher Col. 7 Lines 35-50). 

21 Regarding claims 14 and 29, Maher disclosed a data repository maintaining each event 

22 (See Maher Col. 7 Lines 40-48). 
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1 Regarding claim 55, Maher disclosed that the incoming datagrams include IP datagrams 

2 that are reassembled into TCP segments (See Maher Col. 6 Lines 4-7 and Col. 7 Paragraph 3 

3 wherein it was inherent that the PDUs of the email data was processed to TCP segments in order 

4 to get the payload of the data for scanning.) 

5 Claim 3 1 is rejected for the same reasons as claims 16-25, and 28-29 and further 

6 because Maher disclosed processors executing the described functions (See Maher Col. 1 1 lines 

7 34-37). 

8 Claim Rejections - 35 USC §103 

9 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

10 obviousness rejections set forth in this Office action: 

1 1 A patent may not be obtained though the invention is not identically disclosed or described as set 

12 forth in section 102 of this title, if the differences between the subject matter sought to be 

13 patented and the prior art are such that the subject matter as a whole would have been obvious 

14 at the time the invention was made to a person having ordinary skill in the art to which said 

1 5 subject matter pertains. Patentability shall not be negatived by the manner in which the 

1 6 invention was made, 
17 

18 Claims 32-35, 38, 41-44, 47, and 50-52 are rejected under 35 U.S.C. 103(a) as being 

19 unpatentable over Maher, as evidenced by Stevens (TCP/IP Illustrated Vol. 1). 

20 Regarding claim 32, Maher disclosed a system for passively detecting computer viruses 

21 and malware and denial of service-type network attacks in a distributed computing environment, 

22 comprising: a network interface receiving copies of datagrams transiting a boundary of a 

23 network domain into an incoming packet queue, each datagram being copied fro a packet stream 

24 (See Maher Col. 5 Paragraph 4 Fast Access Bus); a packet receiver reassembling one or more of 

25 the incoming datagrams from the incoming packet queue into network protocol packets, each 
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1 staged in a reassembled packet queue (See Maher Col 5 Line 60 - Col 6 Line 14); an antivirus 

2 scanner scanning each network protocol packet from the reassembled packet queue to ascertain 

3 an infection of at least one of a computer virus and malware (See Maher Col 10 Lines 42-46), 

4 and an event correlator evaluating events identified from the datagrams in the packet stream to 

5 detect a denial of service-type network attack on the network domain (See Maher Col Col 7 

6 Lines 35-50), and disclosed determining the type of data the packets contained (See Maher Col 

7 7 Paragraph 3) as well as scanning the payload of the packets (See Maher Col 10 Lines 42-46), 

8 however Maher failed to disclose how the data type of the packet was ascertained or how the 

9 payload was retrieved. 

10 It was well known that in the Internet Protocol there are multiple layers and that each 

1 1 layer contains different modules, such as the TCP module and the UDP module of the transport 

12 layer. It was also well known that in order to get to the data in the application layer packet, such 

13 as the payload and the packet type, the transport layer module must process the transport layer 

14 packet to reveal the application layer packet. This is evidenced by Richards Pages 6-11. 

15 It would have been obvious to the ordinary person skilled in the art at the time of 

16 invention to employ what was well known in the art of networking and TCP/IP in order to gain 

17 access to the data in the packets for scanning and queuing. This would have been obvious 

1 8 because the ordinary person skilled in the art would have been motivated to use what was well 

19 known in the art. 

20 Regarding claim 41, Maher disclosed a method for passively detecting computer viruses 

21 and malware and denial of service-type network attacks in a distributed computing environment, 

22 comprising: receiving copies of datagrams transiting a boundary of a network domain into an 



Application/Control Number: 10/061,415 Page 12 

Art Unit: 2131 

1 incoming packet queue, each datagram being copied fro a packet stream (See Maher Col. 5 

2 Paragraph 4 Fast Access Bus); reassembling one or more of the incoming datagrams from the 

3 incoming packet queue into network protocol packets, each staged in a reassembled packet queue 

4 (See Maher Col. 5 Line 60 - Col. 6 Line 14); scanning each network protocol packet from the 

5 reassembled packet queue to ascertain an infection of at least one of a computer virus and 

6 malware (See Maher Col. 10 Lines 42-46), and evaluating events identified from the datagrams 

7 in the packet stream to detect a denial of service-type network attack on the network domain (See 

8 Maher Col. Col. 7 Lines 35-50), and disclosed determining the type of data the packets contained 

9 (See Maher Col. 7 Paragraph 3) as well as scanning the payload of the packets (See Maher Col. 

10 10 Lines 42-46), however Maher failed to disclose how the data type of the packet was 

1 1 ascertained or how the payload was retrieved. 

12 It was well known that in the Internet Protocol there are muhiple layers and that each 

13 layer contains different modules, such as the TCP module and the UDP module of the transport 

14 layer. It was also well known that in order to get to the data in the application layer packet, such 

1 5 as the payload and the packet type, the transport layer module must process the transport layer 

16 packet to reveal the application layer packet. This is evidenced by Richards Pages 6-11. 

17 It would have been obvious to the ordinary person skilled in the art at the time of 

1 8 invention to employ what was well known in the art of networking and TCP/IP in order to gain 

19 access to the data in the packets for scanning and queuing. This would have been obvious 

20 because the ordinary person skilled in the art would have been motivated to use what was well 

21 known in the art. 
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1 Regarding claims 33 and 42, Maher disclosed a parser parsing each reassembled 

2 datagram into network protocol-specific information and packet content (See Maher Col. 5 Line 

3 65 -Col. 6 Line 19). 

4 Regarding claims 34 and 43, Maher disclosed extracting the header information from the 

5 packets (See the rejection of claim 33 above), but failed to disclose specifically what information 

6 was contained in the headers. It was well known in the art at the time of invention that the 

7 headers of HTTP messages contained a source address and port number, a destination address 

8 and port number, and a URL, the headers of an FTP message contained the filename and 

9 username, and the headers for the SMTP contained the sender identifier, receiver identifier, and 

10 subject. As such, it would have been obvious to the ordinary person skilled in the art at the time 

1 1 of invention to employ what was well known by extracting the header information from the 

12 headers of the packets. This would have been obvious because the ordinary person would have 

13 been motivated to extract what was known to be contained in the header. 

14 Regarding claim 35 and 44, Maher disclosed a decoder decoding the packet content prior 

15 to performing the operation of scanning (See Maher Col. 5 Line 65 - Col. 6 Line 1 and Col. 2 

16 Lines 9-12). 

17 Regarding claim 38 and 47, Maher disclosed a spoof module sending a spoofed network 

18 protocol packet responsive to an occurrence of at least one of the infection and the network 

19 attack (See Maher Col. 10 Lines 42-46). 

20 Claim 50 is rejected for the same reasons as claims 32-33, 35, 38, 41-42, 44, and 47 and 

21 ftirther because Maher disclosed processors executing the described functions (See Maher Col. 

22 11 lines 34-37). 
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1 Regarding claim 51, Maher disclosed that the packets comprised general "web surfing" 

2 traffic, email traffic, and VoIP traffic (See Maher Col. 7 Paragraph 3), but failed to specifically 

3 disclose the specific protocols used for each. It was well known at the time invention that 



4 general web surfing traffic utilized HTTP, and that email traffic utilized SMTP (Simple Mail 

5 Transport Protocol) and P0P3. Therefore, it would have been obvious to the ordinary person 

6 skilled in the art at the time of invention to employ what was well known in the art by using the 

7 HTTP, SMTP, and P0P3 protocols. This would have been obvious because the ordinary person 

8 skilled in the art would have been motivated to use the protocols that were standard in the art. 



9 Regarding claim 52, Maher disclosed that only datagrams compliant with IP protocol are 

10 reassembled (See Maher entire reference especially the last paragraph of Col. 3, wherein only IP 

1 1 type traffic was disclosed). 

12 Claims 15, 30, 40, and 49 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

13 Maher as applied to claims 1, 16, 32, and 41 above, and further in view of Hailpern et al. (US 

14 Patent Number 6,275,937) hereinafter referred to as Hailpern. 

15 Maher disclosed a system for scanning IP network packets for viruses (See the rejection 

16 of claim 1 above and Col. 3 Lines 54-67), but failed to disclose that all the incoming messages 

17 were SMTP compliant, and therefore TCP compliant. 

18 Hailpern teaches that virus scanning should be set up for each network protocol proxy, 

19 including E-mail, in order to scan for viruses (See Hailpern Col. 4 Lines 1-13). 

20 It would have been obvious to the ordinary person skilled in the art to employ the 

21 teachings of Hailpern in the virus scanning system of Maher by modifying mail servers to 

22 contain the scanning system of Maher. This would have been obvious because the ordinary 
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1 person skilled in the art would have been motivated to enable the proxies to be able to scan the 

2 types of communications they already process and therefore reduce network traffic and delay. 

3 Further, SMTP mail servers were well known in the art at the time of invention, and it would 

4 have been obvious to utilize the scanning system of Maher in an SMTP mail server. This would 

5 have been obvious because the ordinary person skilled in the art would have been motivated to 

6 protect SMTP mail servers from viruses. 

7 Claims 36-37 and 45-46 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

8 Maher as applied to claims 32 and 41 above, and further in view of Bates et al. (US Patent 

9 Number 6,785,732) hereinafter referred to as Bates, 

10 Maher disclosed detecting viruses in network packets (See the rejection of claim 38 

1 1 above), but failed to disclose logging the detection or generating a warning. 

12 Bates teaches that upon detecting a virus, the detection should be logged and a warning 

13 should be generated (See Bates Col 12 Lines 41-48 and Col. 10 Lines 2-8). 

14 It would have been obvious to the ordinary person skilled in the art at the time of 

15 invention to employ the teachings of Bates in the packet scanning system of Maher by logging 

16 virus detections and generating warnings in the event of virus detection. This would have been 

17 obvious because the ordinary person skilled in the art would have been motivated to enable the 

1 8 server to analyze the virus activity and to alert the sender of the virus of the virus. 

19 Claims 53-54 are rejected under 35 U.S.C. 103(a) as being unpatentable over Maher as 

20 applied to claim 32 above, and further in view of Epstein et al. (US Patent Number 6,684,329) 

2 1 hereinafter referred to as Epstein. 
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1 Maher disclosed scanning packets for viruses (See Maher Col. 6 Line 59 - Col. 7 Line 6), 

2 but failed to disclose sub-modules which each scan one of HTTP, FTP, SMTP, and NNTP 

3 packets. 

4 Epstein teaches that in a firewall which scans for viruses, proxy sub-modules should be 

5 provided in the firewall for each of HTTP, FTP, SMTP, and NNTP protocol packets (See Epstein 

6 Col. 1 Lines 27-53 and Col. 3 Lines 8-21). 

7 It would have been obvious to the ordinary person skilled in the art at the time of 



8 invention to employ the teachings of Epstein in the virus scanning of Maher by providing 

9 protocol specific proxy servers in the firewall to scan each of HTTP, SMTP, FTP, and NNTP 
10 packets. This would have been obvious because the ordinary person skilled in the art would 



1 1 have been motivated to provide the network administrator with greater control over the traffic 

1 2 which traversed the content processor. 

13 Conclusion 

14 Claims 1-10, 13-25, 28-38, 40-47, and 49-55 have been rejected. 

1 5 Applicant's amendment necessitated the new ground(s) of rejection presented in this 

16 Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 

17 Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 . 136(a). 

18 A shortened statutory period for reply to this final action is set to expire THREE 

19 MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 

20 MONTHS of the mailing date of this final action and the advisory action is not mailed until after 

21 the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

22 will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
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1 CFR 1 . 1 36(a) will be calculated from the mailing date of the advisory action. In no event, 

2 however, will the statutory period for reply expire later than SIX MONTHS from the date of this 

3 final action. 

4 Any inquiry concerning this communication or earlier communications from the 

5 examiner should be directed to Matthew T. Henning whose telephone number is (571) 272-3790. 

6 The examiner can normally be reached on M-F 8-4. 

7 If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 

8 supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 

9 organization where this application or proceeding is assigned is 571-273-8300, 

10 Information regarding the status of an application may be obtained from the Patent 

1 1 Application Information Retrieval (PAIR) system. Status information for published applications 

12 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

13 applications is available through Private PAIR only. For more information about the PAIR 

14 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

15 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




17^ Matthew Henning 

18 Assistant Examiner /i 

19 Art Unit 2131 M-ny^^^ 

20 11/3/2005 SHEIKH 

SUPERVISORY PATENT EXAMINER 

21 TEcUlOGYC?^R2100 



